Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2004-0322

Published: 23/02/2004 Updated: 29/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Xmb Forum

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote malicious users to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

Vulnerable Product Search on Vulmon Subscribe to Product

xmb forum xmb 1.8_sp1

xmb forum xmb 1.8_sp2

xmb forum xmb 1.8

Exploits

Exploit DB: XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities The issues present themselves due to insufficient sanitization of remote user supplied data An attacker may exploit any one of these vulnerabilities to execute arbitrary script c ...
Exploit DB: XMB Forum 1.8 - 'u2uadmin.php?uid' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities The issues present themselves due to insufficient sanitization of remote user supplied data An attacker may exploit any one of these vulnerabilities to execute arbitrary script co ...
Exploit DB: XMB Forum 1.8 - BBcode align Tag Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities The issues present themselves due to insufficient sanitization of remote user supplied data An attacker may exploit any one of these vulnerabilities to execute arbitrary script c ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/9726http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.htmlhttp://www.xmbforum.com/community/boards/viewthread.php?tid=746859http://marc.info/?l=bugtraq&m=107756526625179&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15294https://exchange.xforce.ibmcloud.com/vulnerabilities/15292https://docs.xmbforum2.com/index.php?title=Security_Issue_Historyhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/23746/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333CVE-2024-33901CVE-2024-36001CVE-2024-2835firewallXPath injectionauthentication bypassCVE-2024-22120CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook